I'm trying to test to see if FIPS-140-2 is correctly enabled with Windows Server 2016. Is there a Powershell command I could run to check if the feature is properly enabled, and not just set in the registry/group policy?
I don't want to check for the existence of the registry key or policy, I actually want to trigger a windows error that would lead me to believe its enabled vs a non-FIPS enabled server.
Thanks!
Thanks to @Eric Gibson's answer, I came up with:
$md5 = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
will result in
New-Object : Exception calling ".ctor" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
Function Test-FipsEnabled {
try {
New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
} catch {
return $true
}
return $false
}
Best Answer
I'm pretty sure this is what you're looking for: https://technet.microsoft.com/en-us/library/cc750357.aspx#ID0EVE
Under the "System Integrators" portion is where Microsoft specifies where the "rubber meets the road" in FIPS compliance. If you're trying to automate some kind of auditing mechanism, that's a good place to start.